Cable television networks such as those provided by Comcast Cable Communications, Inc., of Philadelphia, Pa., Cox Communications of Atlanta Ga., Time-Warner Cable, of Marietta Ga., Continental Cablevision, Inc., of Boston Mass., and others, provide cable television services to a large number of subscribers over a large geographical area. The cable television networks typically are interconnected by cables such as coaxial cables or a Hybrid Fiber/Coaxial (“HFC”) cable system which have data rates of about 10 Mega-bits-per-second (“Mbps”) to 30+ Mbps.
The Internet, a world-wide-network of interconnected computers, provides multi-media content including audio, video, graphics and text that requires a large bandwidth for downloading and viewing. Most Internet Service Providers (“ISPs”) allow customers to connect to the Internet via a serial telephone line from a Public Switched Telephone Network (“PSTN”) at data rates including 14,400 bps, 28,800 bps, 33,600 bps, 56,000 bps and others that are much slower than the about 10 Mbps, to 30+Mbps available on a coaxial cable or HFC cable system on a cable television network. Further, the ISPs allow customers to connect to the Internet via other types of connections, such as a Digital Subscriber Line (“DSL”) connection providing data transmission rates from 512 kbps to 1.544 Mbps downstream and about 128 kbps upstream, or an Asymmetric Digital Subscriber Line (“ADSL”) connection providing data transmission rates up to 6.1 Mbps downstream and 640 kbps upstream.
With the explosive growth of the Internet, many customers have desired to use the larger bandwidth of a cable television network to connect to the Internet and other computer networks. Cable modems, such as those provided by 3Com Corporation of Santa Clara, Calif., Motorola Corporation of Arlington Heights, Ill., Cisco Corporation of San Jose, Calif., Scientific-Atlanta, of Norcross, Ga., and others, offer customers higher-speed connectivity to the Internet, an intranet, Local Area Networks (“LANs”) and other computer networks via cable television networks. These cable modems currently support a data connection to the Internet and other computer networks via a cable television network with a data rate of up to 30+ Mbps, which is a much larger data rate than can be supported by a modem used over a serial telephone line.
Many cable television networks provide bi-directional cable systems, in which data is sent “downstream”, from a “headend” to a customer, as well as “upstream”, from the customer back to the headend. The cable system headend is a central location in the cable television network and, further, is responsible for sending cable signals in the downstream direction and receiving cable signals in the upstream direction. An exemplary data-over-cable system with RF return typically includes customer premises equipment entities such a customer computer, a cable modem, a cable modem termination system, a cable television network, and a data network such as the Internet.
Some cable television networks provide only uni-directional cable systems, supporting only a “downstream” data path, which provides a path for flow of data from a cable system headend to a customer. A return data path via a telephone network, such as a public switched telephone network provided by AT&T and others, (i.e., a “telephone return”) is typically used for an “upstream” data path, which provides a path for flow of data from the customer back to the cable system headend. A cable television system with an upstream connection to a telephone network is typically called a “data-over-cable system with telephony return.”
An exemplary data-over-cable system with a telephony return typically includes customer premise equipment (“CPE”) entities (such as a customer computer or a Voice over Internet Protocol (“VoIP”) device), a cable modem, a cable modem termination system, a cable television network, a public switched telephone network, a telephone remote access concentrator, and a data network (e.g., the Internet). The cable modem termination system and the telephone remote access concentrator combined are called a telephone return termination system.
If the customer premises equipment entity comprises a telephone or a device capable of sending and receiving video or voice signals, the cable modem has to be capable of sending and receiving such signals. In such cases, the cable modem typically comprises an internal media terminal adapter, which provides a network interface functionality that accepts analog voice inputs or video signal and generates IP packets using the Real Time Transport Protocol, for instance.
In a bi-directional cable system, when the cable modem termination system receives data packets from the data network, the cable modem termination system transmits received data packets downstream via the cable television network to a cable modem attached to a customer premises equipment entity. The customer premises equipment entity sends response data packets to the cable modem, which sends the response data packets upstream via the cable network. The cable modem termination system sends the response data packets back to the appropriate host on the data network.
In the case of a telephony return system, when a cable modem termination system receives data packets from a data network, the cable modem termination system transmits the received data packets downstream via a cable television network to a cable modem attached to a customer premises equipment entity. The customer premises equipment entity sends response data packets to the cable modem, which sends response data packets upstream via a public switched telephone network to a telephone remote access concentrator. Next, the telephone remote access concentrator sends the response data packets back to the appropriate host on the data network.
When a cable modem used in a cable system is initialized, the cable modem establishes a communication link to a cable modem termination system via a cable network and, in telephony return data-over-cable systems to a telephone return termination system via a public switched telephone network. As the cable modem is initialized, the cable modem initializes one or more downstream channels via the cable network. Also upon initialization, the cable modem receives a configuration file (a boot file) from a configuration server via a trivial file-transfer protocol (“TFTP”) exchange process.
The configuration file may include a plurality of configuration parameters encoded in a type-length-value format (“TLV”), for instance. The configuration file may comprise a plurality of Class-of-Service (“CoS”) and Quality-of-Service (“QoS”) parameters. The Class of Service parameters include, for example, maximum allowed data rates, minimum reserved data rate, maximum latency and a plurality of other parameters. The Quality of Service parameters include, for example, parameters defining delays expected to deliver data to a specific destination, a level of protection from unauthorized monitoring or modification of data, an expected residual error probability, a relative priority associated with data and a plurality of other parameters.
Managing dispersed serial lines and cable modem pools for a large number of users create a need for a significant administrative support. Since cable modems provide by definition a link to the outside word for many customer premise equipment entities associated with each cable modems, cable modem users require careful attention in terms of security and authentication. As is known in the art, a Remote Authentication Dial-In User Service (“RADIUS”) provides means that allows Internet Service Providers to authenticate a user, and then return all configuration information necessary for the Internet Service Provider to provide network services to the user. RADIUS typically uses distributed client/server architecture, in which a Network Access Server (“NAS”) is a client, and a RADIUS server holds and delivers authentication and profile information. In a typical system, a network access server is responsible for passing user information such as a username and a password to one or more designated RADIUS servers, and then acting on the response that is returned from the RADIUS servers.
When a network access server is configured to use RADIUS servers, any user of the network access server presents authentication information data to the network access server. As is known in the art, when a user tries to establish a communication link with its network access server, the user may be queried with a customized login prompt to enter authentication information data such as a username and a password. Once the network access server obtains the authentication information data from the user, the network access server may decide to send a message to a RADIUS server in order to authenticate the user. Once the RADIUS server receives the request, it may consult its database of users to find the user whose name matches the request. A user entry in the database may contain a list of requirements that must be met to allow network access for the user. The list of requirements, among many other parameters, typically includes a password associated with each user. If all conditions in the list of requirements are met, the RADIUS server may place a list of attribute values in a response message to the network access server. As is known in the art, the list of attribute values defines a service profile specific to the user for the duration of the access session.
Thus, as is known in the art, services offered to RADIUS users are static, and, in a typical scenario described in a proceeding paragraph, when a user dials up to a selected Internet Service Provider (“ISP”), the ISP provides network services based on a user profile received from a RADIUS server. However, as a diversity of network applications grows, static systems may not meet network requirements of many users. In the present scenario, the dial-up users may not request network services dynamically, and the current system architecture is centralized, as the user profiles are stored in a centralized location of the RADIUS.
There have been attempts to create systems having distributed architecture allowing secure communications between network devices including “Method and system for locating network services with distributed network address translation,” U.S. Pat. No. 6,055,236 by Nessett et. al. However, the U.S. Pat. No. 6,055,236 relates to providing security services on an internal distributed network address translation network, and do not solve the centralized architecture problem associated with the RADIUS server users.
Therefore, it is desirable to develop a system and method for providing dynamic services for remote access users.